U.S. consumers hold companies responsible for loss of confidential information: poll

Findings from a snap poll of 2,000 consumers in the United States indicates 51% of respondents would be prepared to take their business elsewhere following a data breach involving personal information, including address, social security number and credit card details, reports California-based HyTrust Inc.

That percentage, however, jumps to 60.2% among consumers in the 35- to 44-age range, notes a statement Wednesday from cloud security automation company HyTrust. “That finding, which focuses on a key demographic, should give retailers and other potential targets significant cause for concern,” the statement adds.

Some respondents felt even more strongly than having their feet do the walking, with 45.6% reporting that companies involved should be considered “criminally negligent,” HyTrust reports, adding that the majority of consumers surveyed say they also believe all officers of a company should be held responsible.

“What this poll shows is that companies are finally, and inevitably, being held to account for their security vulnerabilities,” HyTrust president Eric Chiu says in the statement. “Consumers have options, and when there are endless stories about the loss of confidential information, they’re going to other vendors. Every security breach clearly has a direct impact on operations, but there’s now clear evidence that there’s extensive brand damage as well, and the executives involved will have to pay the price,” Chiu continues.

Repeated breaches were not needed to evoke response. In all, 45.6% of respondents blame the companies involved the moment a data breach occurs, while only 12% withhold condemnation until “it happens more than once.”

Finger-pointing increases with age — 34% of 25- to 34-year-olds lay immediate blame compared to 51% of those 65 and older — but consumers with higher incomes (making more than US$150,000) tend to be more forgiving “when it happens more than once,” the statement adds.

Citing numerous recent high-profile cyber incidents, such as Home Depot and Target, HyTrust notes survey findings show that every company involved in a major data breach — including retailers, banks, healthcare, insurance and Internet service providers — is going to pay an even higher price when customers’ information is compromised.

Blame is more vehemently focused on a breached company, understandably, when a person’s identity is stolen or misused, HyTrust notes. More than a third, 34.2%, of respondents say the worst piece of information to be compromised is the social security number (SSN), the statement adds.

Other survey findings include the following:

• Higher earners are more concerned about their SSNs, with 36.5% of those making US$50,000 to US$74,000 cite this potential theft as most serious, while that falls to 22.8% among those making $24,000 or less.
• Asked who should be held “ultimately accountable” for failures in information security, 19.7% of respondents do not make a distinction between executives with varying responsibilities, pointing the finger at “all officers” of a company. That said, men and women between the ages of 25 and 34 identify chief security officers as most responsible.
• A company’s Board of Directors is ranked as the corporate entity most “off the hook” in terms of accountability for a data breach.